Security News > 2020 > May > Vulnerabilities in 'Page Builder' Plugin Expose 1 Million WordPress Websites
Two high-severity vulnerabilities addressed recently in SiteOrigin's Page Builder WordPress plugin could allow an attacker to execute code in a website administrator's browser.
A page creation plugin, Page Builder by SiteOrigin helps users create column-based content that can adapt to mobile devices, and also provides them with support for the most common widgets.
The plugin has more than 1 million active installations.
While there are checks in place to verify that the user is in the live editor, and that the user is allowed to edit posts, the plugin did not include a nonce protection to verify whether attempts to render content in the live editor came from legitimate sources or not.
Both vulnerabilities were addressed with the release of Page Builder by SiteOrigin version 2.10.16.